Maternal & Family Health Services in Eastern Pennsylvania has recently notified certain patients about an April 4, 2022, ransomware attack in which sensitive patient data was exposed. When the attack was detected, systems were secured, and a third-party computer forensics firm was engaged to investigate and determine the nature and scope of the breach. The… Read More »
The Health Insurance Portability and Accountability Act was signed into law in 1996 and while there have been some significant HIPAA updates over the last two decades, the last set of major HIPAA updates occurred in 2013 with the introduction of the HIPAA Omnibus Final Rule. Updates to HIPAA are long overdue but steps were… Read More »
Natalie Birindelli, Healthcare Engagement Advisor at Amazon Web Services has shared her thoughts on HIPAA and how the legislation relates to her role and her career. Tell the readers about your career in the healthcare industry Experienced Healthcare Cybersecurity/Information Technology Leader with over 20 years in the hospital & healthcare industry. Skilled in Telehealth, Cybersecurity,… Read More »
A long-running investigation into the practices of obtaining consent from Facebook and Instagram users to use their personal data for advertising purposes has resulted in a €390 million ($414 million) financial penalty for Meta for violations of the European Union’s General Data Protection Regulation (GDPR). The Irish Data Protection Commission (DPC) launched an investigation into… Read More »
Washington Attorney General Bob Ferguson is suing a plastic surgery provider for falsely inflating online ratings, bribing, and threatening patients, and alleges the actions of the practice violated the Health Insurance Portability and Accountability Act (HIPAA) Rules. The lawsuit was filed in the U.S. District Court for the Western District of Washington against the Seattle… Read More »
The Chicago, IL-based health system, CommonSpirit Health, is facing a class action lawsuit over its October 2022 ransomware attack. Malicious actors gained access to its IT systems on September 16, 2022, and deployed ransomware on October 2, 2022. The attack forced the shutdown of its electronic medical record system and caused considerable disruption over several… Read More »
The Health Sector Cybersecurity Coordination Center (HC3) has shared information on the Clop (Cl0p) ransomware-as-a-service operation, the affiliates of which are known to conduct attacks on the healthcare and public health (HPH) sector. Clop ransomware was first detected in February 2019 and is the successor to CryptoMix ransomware. The group is highly active and was… Read More »
Vulnerabilities have been discovered in Citrix solutions, Netgear routers, and Zoho ManageEngine products that require immediate patching. One of the Citrix vulnerabilities is being actively exploited by an APT actor, and it is likely that attempts will be made to exploit the Netgear and Zoho flaws on unpatched devices. Citrix Gateway and Citrix ADC Vulnerabilities… Read More »
The Chicago, IL-based social justice and human rights organization, Heartland Alliance, announced on December 15, 2022, that it was the victim of a cyberattack. The security breach was discovered on January 26, 2022, and prompt action was taken to secure its systems to prevent further unauthorized access. A leading third-party cybersecurity firm was engaged to… Read More »
Back in June 2022, HIPAA Journal reported on a cyberattack on Fitzgibbon Hospital in Marshall, MO, after being contacted directly by a spokesperson for a threat group called DAIXIN Team, who claimed responsibility for the attack. That individual said the hospital’s systems had been compromised and 40GB of data had been exfiltrated, which included files… Read More »